DETAILED ACTION

Claims 1-72 have been examined. 

Claim Objections 

1. Claims 28-29 are objected to because of the following informalities: It appears that claims 28 and
29 should be dependent on claim 27, not claim 26. Appropriate correction is required.

Claim Rejections - 35 USC §101 

2. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

Claims 49-71 are rejected under 35 U.S.C. 101 because the claimed invention is directed to
non-statutory subject matter. The computer readable medium claim indicates that the medium can be carried,
e.g. carrier waves, or signals. Carrier waves or signals are not considered to fall under one of the four
statutory categories of invention. The Examiner suggests amending the claim to read
"A computer-readable storage medium..." to overcome the prior art rejection.

Claim Rejections - 35 USC §103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness
rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 1-72 are rejected under 35 U.S.C. 103(a) as being unpatentable over Cohen et al. (US 
2005/0193430), herein referred to as Cohen, and further in view of Milliken et al. (US 7,200,105), herein 
referred to as Milliken. 

As per claims 25, 26, Cohen discloses a method of determining network penetration, the method
comprising the computer-implemented steps of: 

representing a travel of a packet in a network based on topology data and on security policy data 
including at least 

defining a packet by at least specifying a source address, an entry port and a destination port; 
starting a loop for a current network device (see paragraphs 34-35 and paragraph 69, it is implied
that the packet must travel through a source address and entry and destination port, and 
paragraph 75, showing various ports that the packets may traverse); 

accessing access control list (ACL) data stored in an ACL database and the topology data stored 
in a topology database (see paragraph 28); 

deciding whether an ingress interface of a current network device allows entry into the current 
network device, if the entry is not permitted, then terminating the loop for the current network 
device, if the entry is permitted continuing the loop (see paragraph 47); 

determining if there are any neighboring network device, if there are not any neighboring network 
devices, then an indication of the current network device is returned as a maximum penetration 
point as at least part of results of the step of representing, and the loop is terminated; 
if there is a neighboring network device, then the loop continues determining whether or not there 
are any remaining outbound interfaces for which results of a possible egress of the packet have 
not been determined, if there are no more remaining outbound interfaces, the loop is terminated, 
if there are more remaining interfaces, then the current network device is set to the neighboring 
network device to corresponding one of the remaining outbound interfaces, and if the loop has 
not been terminated for the current network device, restarting the loop for the current network 
device (see paragraph 48, discussing traversing the topology of the network node by neighboring 
node as long as the attack can continue, and stopping until an attack can no longer be sustained 
because the constraint of the attack at the current node is not met or it has run out of nodes to 
continue). 

In considering the displaying of the graph, Cohen discloses that the attack graph (path of packet
travel while penetrating the network) is displayed in graph form (see paragraph 30).

Although the system disclosed by Cohen shows substantial features of the claimed invention 
(discussed above), it fails to disclose determining if a static routing table is present, if the static routing 
table is present then determining to which interface outbound traffic is permitted to exit, and if the static 
routing table is not present, then allowing outbound traffic to exit through all outbound interfaces. 

Nonetheless, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Cohen, as evidenced by Milliken. 

In an analogous art, Milliken discloses a system for point of ingress traceback of a network attack 
(see Title). Milliken discloses that a router may include multiple input interfaces and routing tables that 
may determine the active route to network destinations (see column 4, lines 47-59). Milliken further 
discloses determining if a static routing table is present, if the static routing table is present then 
determining to which interface outbound traffic is permitted to exit, and if the static routing table is not 
present, then allowing outbound traffic to exit through all outbound interfaces (see column 4, lines 65). 

Given the teaching of Milliken, a person having ordinary skill in the art would have readily 
recognized the desirability and advantages of modifying Cohen by employing a determination of a static 
routing table, such as disclosed by Milliken, in order to gather information about the path of packet travel 
that is allowed through a router. 
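
The traversal recited for claims 25, 26, combined with the static-routing-table check attributed to Milliken, can be modelled for reachability auditing as follows. This is an added sketch, not code from Cohen, Milliken or the application; the device names, ACL tuples and data layout are constructed, and two things go beyond the recited steps as assumptions: a `seen` set that guards against cycles, and reporting a device as the farthest point when every onward hop is denied.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src entry_port dst_port")
Link = namedtuple("Link", "egress_if neighbor ingress_if")

def ingress_allowed(acls, device, iface, pkt):
    """First matching ACL rule wins; no match is an implicit deny."""
    for action, net, port in acls.get((device, iface), []):
        in_net = ipaddress.ip_address(pkt.src) in ipaddress.ip_network(net)
        if in_net and port in (None, pkt.dst_port):   # None = any port
            return action == "permit"
    return False

def egress_links(topology, static_routes, device):
    """Static table present: only its interfaces; absent: all outbound interfaces."""
    links = topology.get(device, [])
    if device in static_routes:
        return [l for l in links if l.egress_if in static_routes[device]]
    return links

def max_penetration(topology, acls, static_routes, pkt, device, iface, seen=None):
    """Return the set of devices that are maximum penetration points for pkt."""
    seen = set() if seen is None else seen
    if device in seen or not ingress_allowed(acls, device, iface, pkt):
        return set()                       # loop for this device terminates
    seen.add(device)
    reached = set()
    for link in egress_links(topology, static_routes, device):
        reached |= max_penetration(topology, acls, static_routes, pkt,
                                   link.neighbor, link.ingress_if, seen)
    return reached or {device}             # nothing further: farthest point

# Constructed sample network (hypothetical names and rules).
TOPOLOGY = {
    "edge-fw": [Link("eth1", "core-rtr", "ge0"), Link("eth2", "dmz-sw", "p1")],
    "core-rtr": [Link("ge1", "db-srv", "eth0"), Link("ge2", "app-srv", "eth0")],
    "dmz-sw": [Link("p2", "web-srv", "eth0")],
}
ANY443 = [("permit", "0.0.0.0/0", 443)]
ACLS = {("edge-fw", "eth0"): ANY443, ("core-rtr", "ge0"): ANY443,
        ("dmz-sw", "p1"): ANY443, ("web-srv", "eth0"): ANY443,
        ("db-srv", "eth0"): ANY443,
        ("app-srv", "eth0"): [("permit", "10.0.0.0/8", 443)]}
STATIC_ROUTES = {"core-rtr": {"ge2"}}      # core-rtr may only exit via ge2
PKT = Packet(src="203.0.113.7", entry_port="eth0", dst_port=443)
```

With the static table on `core-rtr` the packet stops there, because the only permitted exit leads to a host whose ACL denies it; with no static table it also reaches `db-srv` through the other outbound interface.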

As per claims 19, 45, 68, Cohen further discloses receiving packet parameters that support
transmission control protocol flags (see paragraph 75, showing transmission control protocol ports i.e. 
FTP, implying the support of flags). 

Claims 1-18, 20-24, 27-44, 46-67, 69-72 are rejected on the same basis as claims 25, 27 above.

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should 
be directed to PHILIP J. CHEA whose telephone number is (571) 272-3951. The examiner can normally
be reached on M-F 6:30-4:00 (1st Friday Off). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Joseph Thomas can be reached on 571-272-6776. The fax phone number for the organization where this 
application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be obtained from 
either Private PAIR or Public PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) 
at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative 
or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or
571-272-1000.

Philip J Chea 
Examiner 
Art Unit 2453 

/Philip J Chea/ 
Examiner, Art Unit 2453 
12/8/09 



